This week we unveil the new “Tractis Identity Services” and make it’s API publicly available so that 3rd party people and sites can use them.

These services allow you to use digital certificates to identify other people online. To use this service, you just need a Tractis account and to follow a few simple steps described in the Tractis API documentation (only available in English at the moment).

Use cases

The “Tractis Identity Services” revolve around two use cases:

Synchronous Identification: Allows you to identify your website users by digital certificates. For example: log-in to your portal with a DNIe (Spanish Electronic ID card). This would be the process:

When the user needs to authenticate themselves, they are redirected from your site to Tractis.

Tractis asks the user to identify themselves using their digital certificate.

Tractis verifies the status of the certificate against it’s validation authority.

Tractis returns the result of the identification to you and redirects the user back to your site.

Asynchronous Identification: Allows you to link identities to email addresses. This means you can reliably get the identity of the owner of an email address and therefore increase confidence and avoid fraud. For example: marketplaces (eBay, Loquo, Infojobs…) can use asynchronous authentication to verify parties or to create VIP environments that offer a higher level of confidence. The process would be the following:

Your web site asks Tractis to verify the identity of a user.

The user receives an email from Tractis prompting them to identify themselves via their electronic certificate.

Tractis checks the status of the certificate against it’s validation authority.

Tractis communicates the result of the identification back to you.

In both cases, Tractis returns the result of the identification to your website and you decide what to do with the information.

It is important to underline that this process is configurable – that is to say that your site can specify the attributes that it does and doesn’t want to obtain from the identification process. For example: you might know the name of a user and their ID card number or only their nationality or their age without having to know any other data (useful for restricting access to some content without having to ask for credit card details). Obviously all of these details are extracted from the user’s digital certificate.

So that you can see it in action, without having to do any integration work, we’ve made an imaginary use case available in ACME, our demo site. Here you can find examples of both synchronous and asynchronous identification with a test certificate so that you can check it out, in case you don’t have a real one. You can also take a look at the Tractis API site.